Obfuscating programs using matrix tensor products

ABSTRACT

A method for compiling a matrix-product program into an obfuscated-matrix-product program includes receiving a plurality of matrices that form the matrix-product program, randomly generating a set of independent and invertible tensor-product matrices, randomly generating a set of independent and invertible linear-transform matrices, and generating a dynamic-fence-generation gadget by processing at least one of the plurality of matrices, the set of tensor-product matrices and the set of linear-transform matrices. The dynamic-fence-generation gadget is an obfuscated version of computer program represented by the plurality of matrices.

GOVERNMENT LICENSE RIGHTS

This invention was made with government support under contract numberW911NF-15-C-0236 awarded by the Defense Advanced Research ProjectsAgency (DARPA). The government has certain rights in the invention.

TECHNICAL FIELD

Embodiments of the present disclosure are directed to methods andsystems for transforming or compiling a computer program or circuit intoan equivalent obfuscated version of the program or circuit. Theobfuscated version is considered secure if it is computationally hard torecover the original program or any of its secrets by reverseengineering the obfuscated program.

DISCUSSION OF THE RELATED ART

Obfuscation is the deliberate act of creating software that is difficultfor humans to understand, by using, e.g., needlessly roundaboutexpressions to compose statements. Programmers may deliberatelyobfuscate code to conceal its purpose or the logic or implicit valuesembedded in it, to prevent tampering and reverse engineering, or as apuzzle or recreational challenge. Automated code obfuscation can helpprotect trade secrets contained within the software by makingreverse-engineering a program by decompiling an executable or librarydifficult and economically unfeasible. Obfuscating source code can alsohelp protect licensing mechanisms and unauthorized access, and canshrink the size of the executable.

There are two classes of obfuscations of programs known in the priorart. The first class relates to heuristic methods of obfuscating theprogram by adding redundant steps, renaming variables to beincomprehensible, etc. While, this class of obfuscation is enough tohide the details of the program from a casual reader, automated toolscan be built into reverse engineer or “de-compile” the obfuscatedprogram. The second class of obfuscation of programs are built usingtools commonly used in cryptography, i.e. using some computationallyhard algorithm, or at least a hard problem for which no easy solution isknown, such as the factorization of product of large primes. However,the only known such obfuscation technique uses a cryptographic methodcalled the hard multilinear map, which in turn is built on a well-knownhard problem of “learning with errors” or more generically referred toas noisy encodings. However, this solution is very inefficient as theparameters required to make re-engineering or de-compilation theobfuscation hard tend to be very large because of the “noisy encodings”.

There are also some other ad hoc methods known which claim to obfuscatesecurely, however all such techniques are known to be susceptible toreverse engineering attacks.

SUMMARY

Embodiments of the present disclosure can provide a secure and efficientobfuscation method for computer circuits and programs.

Embodiments of the present disclosure can provide a set of instructionsfor running an obfuscated program on a standard computer.

According to an embodiment of the disclosure, there is provided a methodfor compiling a matrix-product program into an obfuscated-matrix-productprogram. The method includes the steps of receiving a plurality ofmatrices that form the matrix-product program, randomly generating a setof independent and invertible tensor-product matrices, randomlygenerating a set of independent and invertible linear-transformmatrices, and generating a dynamic-fence-generation gadget by processingat least one of the plurality of matrices, the set, of tensor-productmatrices and the set of linear-transform matrices. Thedynamic-fence-generation gadget is an obfuscated version of computerprogram represented by the plurality of matrices.

According to a further embodiment of the disclosure, each of thetensor-product matrices are over a finite field.

According to a further embodiment of the disclosure, each of thetensor-product matrices are over integers modulo a prime number.

According to a further embodiment of the disclosure, thedynamic-fence-generation gadget includes a plurality of step-gadgetswherein each of the plurality of matrices is associated with one of theplurality of step-gadgets.

According to a further embodiment of the disclosure, processing the atleast one of the plurality of matrices comprises a plurality ofprocessing sub-steps wherein each sub-step processes one of theplurality of matrices to produce said step-gadget.

According to a further embodiment of the disclosure, the step-gadget isa quadratic function of its input and embedded within the quadraticfunction is the one of the plurality of matrices.

According to a further embodiment of the disclosure, the step gadget isa matrix S_(i,b) defined as S_(i,b)=mat{F_(i,b,1)⁻¹×T_(i,b,x)×F_(i,b,m+1)×(F_(i,b,1) ⁻¹×T_(i,b,x)×F_(i,b,m+1))^(T)×vecC_(i,b)}, wherein i=1 to n, m<n, b=0 or 1, S_(i,b) is a t×t matrix, t≥2,C is one of the plurality of matrices that form the matrix-productprogram, F is one of the set of linear-transform matrices,T_(i,b,x)=Π_(j=1,m)F_(i,b,j)×(G_(i,j,z)⊗H_(i,j,z))×F_(i,b,j+1) ⁻¹ is at²×t² matrix, G_(i,j,z)⊗H_(i,j,z) is one of the set of tensor-productmatrices, and z=x[j] wherein x is an input bit string of length m,wherein x[j]=0 or 1 for j=1 to m.

According to a further embodiment of the disclosure, the method includescomputing a plurality of matrices T_(i,b,x) for different inputs x and amatrix S_(i,b) for each of the plurality of matrices T_(i,b,x),generating a matrix M from a sub-sequence of Mon²(vec(T_(i,b,x))) foreach of the plurality of matrices T_(i,b,x), generating a matrix N byvectorizing each matrix S_(i,b) and forming a matrix from the vectorsvec(S_(i,b)), and generating an obfuscated programOP=mat{V*Mon²(vec(X))_(top)}. V=N*M⁻¹ and Mon²(vec(X))_(top), is a topsub-sequence of Mon²(vec(X)), wherein X is a new variable and OP is anobfuscation of a program represented by X.

According to a further embodiment of the disclosure, generating adynamic-fence-generation gadget further comprises combining the set oflinear-transform matrices and the set of tensor-product matrices.

According to a further embodiment of the disclosure, combining the setof linear-transform matrices and the set of tensor-product matricesincludes selecting one of the set of tensor-product matrices and one ofthe set of linear-transform matrices, and applying the selectedlinear-transform matrix to a vectorization of the selectedtensor-product matrix.

According to an embodiment of the disclosure, there is provided a methodfor executing an obfuscated-matrix product program on an input bitstring. The method includes the steps of receiving an input bit-string,selecting a subset of a set of matrices of a matrix-product programusing at least one bit of the input bit-suing, processing the subset ofmatrices into a set of column-matrices, generating a set of degree-twotensors by processing a set of tensor-product matrices and a set oflinear transform matrices, wherein each of the set of degree-two tensorscorresponds to one of the set of column-matrices, generating a sequenceof gadget-outputs by providing the degree-two tensors to the set ofcolumn matrices, and generating an output matrix of the said function bypost-processing the sequence of gadget-outputs.

According to a further embodiment of the disclosure, processing a set oftensor-product matrices and a set of linear transform matrices includescalculating a set of matrices T_(i,b,x) for i=1 to n, b=x[i]=0 or 1, xis the input bit-string, defined asT_(i,b,x)=Π_(j=1,m)F_(i,b,j)×(G_(i,j,z)⊗H_(i,j,z))×F_(i,b,j+1) ⁻¹ is at²×t² matrix, t≥2 where F is one of the set of linear-transformmatrices, G_(i,j,z)⊗H_(i,j,z) is one of the set of tensor-productmatrices, and z=x[j].

According to a further embodiment of the disclosure, the sequence ofgadget-outputs is a sequence of t×t matrices S_(i,b)=mat{_(i,b,1)⁻¹×T_(i,b,x)×F_(i,b,m+1)×(F_(i,b,1) ⁻¹×T_(i,b,x)×F_(i,b,m+1))^(T)×vecC_(i,b)}. vec C_(i,b) is one of the set of column-matrices, and C_(i,b),is one of the subset of matrices of a matrix-product program.

According to a further embodiment of the disclosure, post-processing thesequence of gadget-outputs comprises generating the output matrix bymultiplying the sequence of matrices S_(i,b).

According to a further embodiment of the disclosure, post-processing thesequence of gadget-outputs comprises outputting TRUE if and only if anoutput matrix W=Π_(i=1,n)S_(i,b) is not an identity matrix.

According to a further embodiment of the disclosure, the method includesoutputting false when W is equal to an identity matrix. According to anembodiment of the disclosure, there is provided a computer programproduct for compiling a matrix-product program into anobfuscated-matrix-product program comprising a non-transitory programstorage device readable by a conputer, tangibly embodying a program ofinstructions executed by the computer to cause the computer to perform amethod.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example of a matrix-product program according toan embodiment of the disclosure.

FIG. 2 illustrates an example of how a matrix-product program of FIG. 1is executed, according to an embodiment of the disclosure.

FIG. 3 illustrates the vectorization of a matrix, according to anembodiment of the disclosure.

FIG. 4 illustrates the tensor-product of matrices, according to anembodiment of the disclosure.

FIG. 5 shows that a tensor product has a sandwich effect when multipliedto the right of a column (matrix), according to an embodiment of thedisclosure.

FIG. 6 illustrates the dynamic fencing of a matrix-product programaccording to an embodiment of the disclosure.

FIG. 7 shows the composition of a dynamic fence generation gadget ofFIG. 6 according to an embodiment of the disclosure.

FIG. 8 illustrates the structure of a step gadget(i,b) of FIG. 7 forstep i and step input bit b, according to an embodiment of thedisclosure.

FIG. 9 illustrates a Matrix (i,b,j,z) of FIG. 8, according to anembodiment of the disclosure.

FIG. 10 illustrates the use of matrices (i,b,j,z) of FIG. 8 to build aninput for a root gadget of FIG. 8, according to an embodiment of thedisclosure.

FIG. 11 shows how an input computed from the various matrices of FIG. 8are processed by a root-gadget, according to an embodiment of thedisclosure.

FIG. 12 is a flow-chart of executing an obfuscated branching program ona set of inputs, according to an embodiment of the disclosure.

FIG. 13 illustrates a degree 2 monomials in s variables, according to anembodiment of the disclosure.

FIG. 14 presents pseudo-code for a procedure to obfuscate a root-gadget,according to an embodiment of the disclosure.

FIG. 15 illustrates an obfuscator that takes a matrix-product program Pand outputs a sandwiched tensor product for P.

FIG. 16 is a schematic of an exemplary cloud computing node thatimplements an embodiment of the disclosure.

FIG. 17 shows an exemplary cloud computing environment, according toembodiments of the disclosure.

DETAILED DESCRIPTION OF EXEMPLARY EMBODIMENTS

Exemplary embodiments of the disclosure as described herein generallyprovide methods and systems for transforming or compiling a computerprogram or circuit into an equivalent obfuscated version of the programor circuit. While embodiments are susceptible to various modificationsand alternative forms, specific embodiments thereof are shown by way ofexample in the drawings and will herein be described in detail. Itshould be understood, however, that there is no intent to limit thedisclosure to the particular forms disclosed, but on the contrary, thedisclosure is to cover all modifications, equivalents, and alternativesfalling within the spirit and scope of the disclosure.

An embodiment of a method of obfuscating a circuit comprises the stepsof converting the circuit into a matrix-product program known in theprior art as Barrington's theorem. Thereafter, the matrixproduct-program, which includes a collection of matrices, is obfuscatedby providing obfuscated gadgets that allow one to choose and multiply asubset of these matrices without revealing the matrices themselves.Embodiments use a tensor-product of additional random and invertiblematrices, which in turn are hidden using bigger linear transforms ofsuch tensor-product of matrices.

According to embodiments, in more detail, each of the matrices in theoriginal matrix-product program is embedded in an obfuscated gadget aspart of a quadratic function of the input to the obfuscated gadget. Theobfuscated gadget then unmasks the input of its linear transform, and ifthe resulting unmasked matrix is a tensor-product matrix, then it can befactored into two matrices. Next, the two factored matrices aremultiplied by the obfuscated gadget into the left and right of theoriginal matrix respectively. Embodiments provide a method ofimplementing such an obfuscated gadget while proving that generaltechniques of analyzing such gadgets do not work on this gadget, andhence the obfuscated gadget is secure.

Further embodiments of the disclosure teach how to use the obfuscatedgadget to evaluate the original circuit on any given input. It is wellknown that any computer program can be converted into a circuit. Thus,embodiments of the disclosure can be used for obfuscating any program.

FIG. 1 illustrates an example of a matrix-product program according toan embodiment of the disclosure. It is known that any program can betranslated into a matrix-product program. A matrix-product program of nsteps, and m binary-inputs, and a one-bit output, includes of n pairs ofinteger matrices denoted (C_(i,0), C_(i,1)) with i ranging from 1 to n.The matrix-product program also specifies a way to associate a singleinput-bit to each step. This association is done by a map called label,that maps numbers from 1 to n to numbers, from 1 to m. Thus, label(i)means that input bit number label(i) is associated with step i of theprogram. FIG. 1 illustrates such a program with 16 steps, n=16. Thepairs of 2×2 matrices are shown as figure elements 101 a. For each step1, the top matrix is C_(i,0) and the bottom matrix is C_(i,1). Thefigure also shows the label mapping (102). This program has m=3 binaryinputs, which are the labels 102 a below the matrices. The 1^(st) stephas input-bit number label(1)=3 (102 a) associated with it, andsimilarly steps 2 and 15 have input-bits 1 associated with them, andstep 16 has input-bit 2 associated with it.

While FIG. 1 illustrated a matrix-product program, according to anembodiment of the disclosure, FIG. 2 shows an example of how amatrix-product program of FIG. 1 is executed. The computation is on, aparticular three bit input, shown here as binary input array x (201).The binary input is used to pick one matrix from each step. Thus, sincelabel of step 1 is 3, the third input bit, i.e. x[3], is used, whichhappens to be 1, to select the bottom matrix for step 1, and ignore thetop matrix. Similarly, for step 2, since label[2]=1, x[1] is used, whichis 0, to pick the top matrix for step 2, and so forth Once a matrix ispicked for each step, they are multiplied together in that order asshown in 202. The resulting product-matrix, as shown in 203, is checkedto be equal to the identity matrix. If it is the identity matrix, theoutput of the matrix-product program on input x is FALSE else it isTRUE. For some matrix-product programs, the final product-matrix ischecked whether it is a scalar multiple of the identity matrix, and ifso the output is FALSE else TRUE. Matrix-product programs are known inthe art.

Some notation needs to be introduced. FIG. 3 illustrates thevectorization of a matrix (301), according to an embodiment, of thedisclosure. The vectorization operator, written as “vec M” for an m×nmatrix M, produces a column vector of length n*m, by scanning the matrixin a row-wise fashion, as shown in 301. The reverse operation ofreshaping a column into a matrix is simply denoted “mat”. A matrix canalso be vectorized by scanning it column-wise, but embodiments of thedisclosure consider row-wise scanning.

FIG. 4 illustrates the tensor-product of matrices, according to anembodiment of the disclosure. The tensor product of two matrices A andB, denoted by the operator ⊗, where A is a r×s matrix and B is a t×umatrix, is a (r*t)×(s*u) matrix. An example is given in FIG. 4, whichillustrates the tensor-product of a 2×2 matrix (401 a) and another 2×2matrix (401 b). The result is a 4×4 matrix (403). Intermediate result402 illustrates how the matrices A and B are multiplied. Thetensor-product of matrices is also known as the Kronecker product. Inaddition, a tensor-product of column-matrices is also known as theouter-product of the columns.

According to an embodiment, FIG. 5 shows that a tensor product has asandwich effect when multiplied to the right of a column (matrix). Awell-known rule is described in equation 501, which states that(A⊗B)×vec M=vec(A×M×B^(T)). The tensor product of matrices A and B whenmultiplied on the right of a vectorization of a matrix M has the effectof simultaneously multiplying M on the left with A and on the right bytranspose of B. An example of this rule or theorem is shown in 502. Notethat the left most matrix in equation 501 is the tensor product of 2 by2 matrices 401 a and 401 b shown in FIG. 4.

FIG. 6 illustrates the dynamic fencing of a matrix-product programaccording to an embodiment of the disclosure. A matrix-product programis obfuscated by using gadgets instead of the matrices (C_(i,0),C_(i,1)) of the matrix-product program described in FIG. 1. According toan embodiment, a gadget can be any transformation, and in this context amathematical transformation, with the implication is that it is beingused in a bigger construction, often repeatedly and in different ways.The gadgets can then be used to compute the original program on aparticular in-bit input. The gadgets by themselves do not reveal theoriginal matrices (C_(i,0), C_(i,1)) or any function of these other thanwhat is revealed by actually computing the output on any input. Thegadget 601 shown in FIG. 6 has the property that it takes an input x (asin 201) and a step number, say step number i, and produces a“dynamically-sandwiched” step i matrix S(i, x)=C_(i, x[label[i]]) 602.Gadget 601 will be referred to hereinbelow as a dynamic-fence generationgadget. Recall, on input x, the i-th step uses input-bit label[i], andhence the matrix C_(i, x[label[i]]). The gadget 601 produces adynamically-sandwiched version of C_(i, x[label[i]]). How thisdynamic-sandwich effect is achieved is described below. In particular,how the S(i,x) matrices output by 601 are employed to compute theprogram on input x will be described below with reference to FIG. 12.According to an embodiment, the structure of gadget 601 will bedescribed first, and it can be seen that the 101 a matricesC_(i, x[label[i]]) are embedded in the gadget 601.

According to an embodiment, FIG. 7 shows the composition of a dynamicfence generation gadget of FIG. 6, and that gadget 601 of FIG. 6 isitself composed of 2*n step gadgets 701, with n=16, one corresponding toeach matrix C_(i, x[label[i]]) where b is either 0 or 1.

FIG. 8 the structure of a step gadget(i,b) 701 of FIG. 7 for step i andstep input bit b, which will be referred to as Gadget(i,b), i.e. onecorresponding, to C_(i,b). This step gadget 701 is itself composed ofone root-gadget 802, and a plurality of matrices 801. There are twomatrices for each input-bit. Thus if there are m=3 input-bits then thereare 6 matrices 801. The matrices will be referred to as Matrix(i,b,j,z),where) ranges over 1 m, and z is either zero or one.

FIG. 9 illustrates a matrix (801)Matrix(i,b,j,z)=F_(i,b,j)×(G_(i,j,z)⊗H_(i,j,z))×F_(i,b,j+1) ⁻¹,according to an embodiment of the disclosure. Matrix (801) is theproduct of three matrices X, Y, Z, each of which is a 4×4 matrix, whereX=F_(i,b,j), Y=G_(i,j,z)⊗H_(i,j,z), and Z=F_(i,b,j+1) ⁻¹. In general,there could by (t*t)×(t*t) matrices, for t>=2. For simplicity ofexplanation, according to an embodiment, the case of t=2, and hence 4×4matrices, will be considered. However, embodiments are not limitedthereto, and t can be greater than 2 in other embodiments. The matrix Yis itself a tensor product of two 2×2 matrices G_(i,j,z) and H_(i,j,z).Note from the description, Z in Matrix(i,b,j,z) is the inverse of thematrix X in Matrix(i,b,j+1,z), Matrices X and Z may be referred toherein as linear transform matrices. Moreover, both gadgetsMatrix(i,b,j,0) and Matrix(i,b,j,1) use the same matrices X and Z,namely, F_(i,b,j) and inverse of F_(i,b,j+1) respectively. All thesematrices are chosen by a program obfuscator according to an embodimentto be invertible matrices.

Before describing the root-gadget (802) component of Gadget(i,b) (701),its input will be described. According to an embodiment, the input to aroot-gadget comes from selecting a subset of matrices 801 and takingtheir product. A subset selector (1001) is described with reference toFIG. 10. FIG. 10 illustrates the use of matrices (i,b,j,z) of FIG. 8 tobuild an input for a root gadget of FIG. 8. Going back to FIG. 8, whichshows the various component 801 matrices, the input x is again used tomake this selection. If for input-bit number j, x[j] is zero then thetop matrix is chosen, i.e. Matrix(i,b,j,0), otherwise the bottom matrixis chosen, i.e. Matrix(i,b,j,1). More succinctly, Matrix(i,b,j,x[j]) ischosen. Then these matrices are multiplied to produce matrix T(i,b,x),as shown in 1002. In general, T(i,b,x)=Π_(j=1,m)Matrix(i,b,j,x[j]),where b=x[label[i]]. This is then input to the root-gadget 802, asdescribed next with FIG. 11.

According to an embodiment, FIG. 11 shows how the input T(i,b,x)computed from the various matrices 801 using input x as shown in FIG. 10is processed by Root-Gadget(i,b) 802. This root-gadget has built into itsome function of C_(i,b). First, the behavior of this root-gadget, i.e.It's input-output behavior, will be described by assuming C_(i,b) isavailable in the clear. Root-gadget 802 first takes the input T(i,b,x)and multiplies it on the left by inverse of F_(i,b,1) and on the rightby F_(i,b,3+1) (recall, the number of inputs m is 3) to get a matrix,say W. Then W is multiplied by its own transpose, compute U=WW^(T).Next, U is multiplied into the vectorization of C_(i,b). The resultingvector is re-shaped into a matrix and that is the output of theroot-gadget. Thus, the output 602 of FIG. 6 for C_(i,b) in the clear is

S(i,x)=mat{F _(i,b,1) ⁻¹ ×F _(i,b,4)×(F _(i,b,1) ⁻¹ ×T(i,b,x)×F_(i,b,4))^(T)×vec C _(i,b)}.

Note that how such a gadget is implemented in an obfuscated program hasnot been described, or in other words, how such a root-gadget asdescribed in the paragraph is obfuscated. Of course, one naïve andinsecure obfuscation implementation would be to give C_(i,b), F_(i,b,1),F_(i,b,4) in the clear as part of the Root-Gadget(i,b). But, beforedescribing secure implementations of the Root-Gadget(i,b), how thecomplete set of gadgets are used to actually process an input x isdescribed with reference to FIG. 12.

FIG. 12 is a flow-chart of executing an obfuscated branching program ona set of inputs, using a dynamic-fence generation gadget (601) accordingto an embodiment to compute the output of the originalmatrix-product-program on an m-bit input x. A computation according toan embodiment begins at step 121 by initializing a matrix W to theidentity matrix. In an example with t=2, this is a 2×2 identity matrix.The step number variable i is initialized to 1. The input x is receivedat step 122. Then, using the input x, and the step number i, thedynamic-fence generation gadget 601 is used at step 123 to computematrix S(i,x) 602, as shown above in FIG. 11. W is then updated, at step124 by multiplying it on the right by S(i,x). This process is iteratedfrom step 125 by repeating steps 123 and 124 with the incremented stepnumber i. Once all the steps are exhausted, the final matrix W ischecked at step 126 to be the identity matrix. If so, the output isdeemed to be FALSE at step 127, else TRUE at step 128. In some alternateembodiments, the check can be for a scalar matrix rather than identitymatrix.

According to an embodiment, to describe how the root-gadget(i,b) isobfuscated, a concept of degree two monomials is introduced. Thisconcept is known in mathematics. FIG. 13 illustrates a degree 2monomials in s variables 1301. A tensor-product of this vector ofvariables, as described in FIG. 4, can be taken to obtain a vector ofdegree two monomials in x 1302. However, this tensor-product column hasmany repetitions. Thus, Mon²(x) 1303 represents this tensor-product of xwith itself but with repetitions removed. It can be seen that for avector {right arrow over (x)} of s variables, Mon²({right arrow over(x)}) is of size s*(s+1)/2.

FIG. 14 presents pseudo-code for a procedure to obfuscate theroot-Gadget(i,b), according to an embodiment of the disclosure. In step141, a security parameter t is initialized, and variable u isinitialized as u=t². The larger t is, the more secure the scheme.According to embodiments, t can be 2, 3, or 4. In step 142, computeT_(v)(i,b,x) for v=1 to (u*(u+1)/2)² using different inputs x. EachT_(v)(i,b,x) is a u×u matrix. At step 143, form the vectorMon²(vec(T_(v)(i,b,x))) for each of the T_(v)(i,b,x)'s computed in step2. Note that each vec(T_(v)(i,b,x)) has length u², and thusMon²(vec(T_(v)(i,b,x))) has size s*(s+1)/2, where s=u². At step 144,select the top (u*(u+1)/2)² sub-sequence of each Mon²(vec(T_(v)(i,b,x)))as Mon²(vec(T_(v)(i,b,x)))_(top). All of the computed vectorsMon²(vec(T_(v)(i,b,x)))_(top) are arranged in a matrix at step 145, togenerate a matrix M of dimension ((u*(u+1)/2)²)×((u*(u+1)/2)²). At step146, all of the above computed matrices T_(v)(i,b,x) are provided asinput to the root-gadget(i,b) as specified in FIG. 11 to generate a t×tmatrix S_(v)(i,x) for each matrix T_(v)(i,b,x). Note that eachroot-gadget(i,b) incorporates a matrix C_(i,b) of the original matrixproduct program. Each of the matrices S_(v)(i,x) is vectorized at step147, and arranged as a matrix N of vectors. Matrix N has dimensiont²×(u*(u+1)/2)². Set V=N*M⁻¹ at step 148. At step 149,Obfuscated-Root-Gadget(x)=mat(V*Mon²(vec(x))_(top)), for an arbitrarynew input x. Recall that the root-gadget takes as input a matrix T. Theobfuscated-root-gadget also takes the same input T and it's output isexactly the same as output of root-gadget 802 on inputs 1002 produced bythe gadget and, selector 1001 shown in FIG. 10.

In an alternative embodiment, matrix M is not invertible as required instep 10 to compute V. However, it is well known that there will be onesub-sequence of size (u*(u+1)/2)² of Mon²(T(i,b,x)) such that theresulting matrix M is invertible and there exists an efficient procedureto find this sub-sequence to get M. Then, the “top” subscript in theexpression Obfuscated-Root-Gadget(T)=mat(V*Mon²(vec(T))_(top)) wouldalso be the same sub-sequence as used to get the invertible M.

According to an embodiment, FIG. 15 illustrates an obfuscator, i.e., aprocedure or software or automated-compiler that takes a matrix-productprogram P 100 and outputs a sandwiched tensor product (601) for P. Thematrix-product program P 100 is the collection of matrices C_(i,b) thatmake up the original matrix product program of FIGS. 1 and 2. Theobfuscator 1501 is the compiler that generates dynamic-fence-generationgadget 601. In particular, the obfuscator 1501 randomly generates theindependent and invertible s×s matrix F and independent and invertiblet×t matrices G and H used in Matrix(i,b,j,z) in FIGS. 8-9 and 11.Dynamic-fence-generation gadget 601 does not operate on the originalmatrix product program but is rather built by obfuscator 1501 using theoriginal matrix product programs as described in FIGS. 6-11. As shown inFIG. 12, this dynamic-fence-generation gadget serves the purpose of theobfuscated program. The components of gadget 601 have already describedwith reference to FIGS. 6-9 and FIG. 14. Thus, the obfuscator 1501 takesits input, i.e. the matrix-product program, and generates thedynamic-fence generation gadget 601 as described in FIGS. 6-9 and F1G.14.

System Implementations

It is to be understood that embodiments of the present disclosure can beimplemented in various forms of hardware, software, firmware, specialpurpose processes, or a combination thereof. In one embodiment, anembodiment of the present disclosure can be implemented in software asan application program tangible embodied on a computer readable programstorage device. The application program can be uploaded to, and executedby, a machine comprising any suitable architecture. Furthermore, it isunderstood in advance that although this disclosure includes a detaileddescription on cloud computing, implementation of the teachings recitedherein are not limited to a cloud computing environment. Rather,embodiments of the present disclosure are capable of being implementedin conjunction with any other type of computing environment now known orlater developed. An automatic troubleshooting system according to anembodiment of the disclosure is also suitable for a cloudimplementation.

Cloud computing is a model of service delivery for enabling convenient,on-demand network access to a shared pool of configurable computingresources (e.g. networks, network bandwidth, servers, processing,memory, storage, applications, virtual machines, and services) that canbe rapidly provisioned and released with minimal management effort orinteraction with a provider of the service. This cloud model may includeat least five characteristics, at least three service models, and atleast four deployment models.

Characteristics are as follows:

On-demand self-service: a cloud consumer can unilaterally provisioncomputing capabilities, such as server time and network storage, asneeded automatically without requiring human interaction with theservice's provider.

Broad network access: capabilities are available over a network andaccessed through standard mechanisms that promote use by heterogeneousthin or thick client platforms e.g., mobile phones, laptops, and PDAs).

Resource pooling: the provider's computing resources are pooled to servemultiple consumers using a multi-tenant model, with different physicaland virtual resources dynamically assigned and reassigned according todemand. There is a sense of location independence in that the consumergenerally has no control or knowledge over the exact location of theprovided resources but may be able to specify location at a higher levelof abstraction (e.g., country, state, or datacenter).

Rapid elasticity: capabilities can be rapidly and elasticallyprovisioned, in some cases automatically, to quickly scale out andrapidly released to quickly scale in. To the consumer, the capabilitiesavailable for provisioning often appear to be unlimited and can bepurchased in any quantity at any time.

Measured service: cloud systems automatically control and optimizeresource use by leveraging a metering capability at some level ofabstraction appropriate to the type of service (e.g., storage,processing, bandwidth, and active user accounts). Resource usage can bemonitored, controlled, and reported providing transparency for both theprovider and consumer of the utilized service,

Service Models are as follows:

Software as a Service (SaaS): the capability provided to the consumer isto use the provider's applications running on a cloud infrastructure.The applications are accessible from various client devices through athin client interface such as a web browser (e.g., web-based email). Theconsumer does not manage or control the underlying cloud infrastructureincluding network, servers, operating systems, storage, or evenindividual application capabilities, with the possible exception oflimited user-specific application configuration settings.

Platform as a Service (PaaS): the capability provided to the consumer isto deploy onto the cloud infrastructure consumer-created or acquiredapplications created using programming languages and tools supported bythe provider. The consumer does not manage or control the underlyingcloud infrastructure including networks, servers, operating systems, orstorage, but has control over the deployed applications and possiblyapplication hosting environment configurations.

Infrastructure as a Service (IaaS): the capability provided to theconsumer is to provision processing, storage, networks, and otherfundamental computing resources where the consumer is able to deploy andrun arbitrary software, which can include operating systems andapplications. The consumer does not manage or control the underlyingcloud infrastructure but has control over operating systems, storage,deployed applications, and possibly limited control of select networkingcomponents (e.g., host firewalls).

Deployment Models are as follows:

Private cloud: the cloud infrastructure is operated solely for anorganization. It may be managed by the organization or a third party andmay exist on-premises or off-premises.

Community cloud: the cloud infrastructure is shared by severalorganizations and supports a specific community that has shared concerns(e.g., mission, security requirements, policy, and complianceconsiderations). It may be managed by the organizations or a third partyand may exist on-premises or off-premises.

Public cloud: the cloud infrastructure is made available to the generalpublic or a large industry group and is owned by an organization sellingcloud services.

Hybrid cloud: the cloud infrastructure is a composition of two or moreclouds (private, community, or public) that remain unique entities butare bound together by standardized or proprietary technology thatenables data and application portability (e.g., cloud bursting forloadbalancing between clouds).

A cloud computing environment is service oriented with a focus onstatelessness, low coupling, modularity, and semantic interoperability.At the heart of cloud computing is an infrastructure comprising anetwork of interconnected nodes.

Referring now to FIG. 16, a schematic of an example of a cloud computingnode is shown. Cloud computing node 1610 is only one example of asuitable cloud computing node and is not intended to suggest anylimitation as to the scope of use or functionality of embodiments of thedisclosure described herein. Regardless, cloud computing node 1610 iscapable of being implemented and/or performing any of the functionalityset forth hereinabove.

In cloud computing node 1610 there is a computer system/server 1612,which is operational with numerous other general purpose or specialpurpose computing system environments of configurations. Examples ofwell-known computing systems, environments, and/or configurations thatmay be suitable for use with computer system/server 1612 include, butare not limited to, personal computer systems, server computer systems,thin clients, thick clients, handheld or laptop devices, multiprocessorsystems, microprocessor-based systems, set top boxes, programmableconsumer electronics, network PCs, minicomputer systems, mainframecomputer systems, and distributed cloud computing environments thatinclude any of the above systems or devices, and the like.

Computer system/server 1612 may be described in the general context ofcomputer system executable instructions, such as program modules, beingexecuted by a computer system. Generally, program modules may includeroutines, programs, objects, components, logic, data structures, and soon that perform particular tasks or implement particular abstract datatypes. Computer system/server 1612 may be practiced in distributed cloudcomputing environments where tasks are performed by remote processingdevices that are linked through a communications network. In adistributed cloud computing, environment, program modules may be locatedin both local and remote computer system storage media including memorystorage devices.

As shown in FIG. 16, computer system/server 1612 in cloud computing node1610 is shown in the form of a general-purpose computing device. Thecomponents of computer system/server 1612 may include, but are notlimited to, one or more processors or processing units 1616, a systemmemory 1628, and a bus 1618 that couples various system componentsincluding system memory 1628 to processor 1616.

Bus 1618 represents one or more of any of several types of busstructures, including a memory bus or memory controller, a peripheralbus, an accelerated graphics port, and a processor or local bus usingan) of a variety of bus architectures. By way of example, and notlimitation, such architectures include Industry Standard Architecture(ISA) bus, Micro Channel Architecture (MCA) bus, Enhanced ISA (EISA)bus, Video Electronics Standards Association (VESA) local bus, andPeripheral Component Interconnect (PCI) bus.

Computer system/server 1612 typically includes a variety of computersystem readable media. Such media may be any available media that isaccessible by computer system/server 1612, and it includes both volatileand non-volatile media, removable and non-removable media.

System memory 1628 can include computer system readable media in theform of volatile memory, such as random access memory (RAM) 1630 and/orcache memory 1632. Computer system/server 1612 may further include otherremovable/non-removable, volatile/non-volatile computer system storagemedia. By way of example only, storage system 1634 can be provided forreading from and writing to a non-removable, non-volatile magnetic media(not shown and typically called a “hard drive”). Although not shown, amagnetic disk drive for reading from and writing to a removable,non-volatile magnetic disk (e.g., a “floppy disk”), and an optical diskdrive for reading from or writing to a removable, non-volatile opticaldisk such as a CD-ROM, DVD-ROM or other optical media can be provided.In such instances, each can be connected to bus 1618 by one or more datamedia interfaces. As will be further depicted and described below,memory 1628 may include at least one program product having a set (e.g.,at least one) of program modules that are configured to carry out thefunctions of embodiments of the disclosure.

Program/utility 1640, having a set (at least one) of program modules1642, may be stored in memory 1628 by way of example, and notlimitation, as well as an operating system, one or more applicationprograms, other program modules, and program data. Each of the operatingsystem, one or more application programs, other program modules, andprogram data or some combination thereof, may include an implementationof a networking environment. Program modules 1642 generally carry outthe functions and/or methodologies of embodiments of the disclosure asdescribed herein.

Computer system/server 1612 may also communicate with one or moreexternal devices 1614 such as a keyboard, a pointing device, a display1624, etc.; one or more devices that enable a user to interact withcomputer system/server 1612; and/or any devices (e.g., network card,modem, etc.) that enable computer system/server 1612 to communicate withone or more other computing devices. Such communication can occur viaInput/Output (I/O) interfaces 1622. Still yet, computer system/server1612 can communicate with one or more networks such as a local areanetwork (LAN), a general wide area network (WAN), and/or a publicnetwork (e.g., the Internet) via network adapter 1620. As depicted,network adapter 1620 communicates with the other components of computersystem/server 1612 via, bus 1618. It should be understood that althoughnot shown, other hardware and/or software components could be used inconjunction with computer system/server 1612. Examples, include, hut arenot limited to: microcode, device drivers, redundant processing units,external disk drive arrays, RAID systems, tape drives, and data archivalstorage systems, etc.

Referring now to FIG. 17, an illustrative cloud computing environment170 is depicted. As shown, cloud computing environment u0 comprises oneor more cloud computing nodes 1610 with which local computing devicesused by cloud consumers, such as, for example, personal digitalassistant (PDA) or cellular telephone 174A, desktop computer 174B,laptop computer 174C, and/or automobile computer system 174N maycommunicate. Nodes 1610 may communicate with one another. They may begrouped (not shown) physically or virtually, in one or more networks,such as Private, Community, Public, or Hybrid clouds as describedhereinabove, or a combination thereof. This allows cloud computingenvironment 170 to offer infrastructure, platforms and/or software asservices for which a cloud consumer does not need to maintain resourceson a local computing device. It is understood that the types ofcomputing devices 174A-N shown in FIG. 17 are intended to beillustrative only and that computing nodes 1610 and cloud computingenvironment 170 can communicate with any type of computerized deviceover any type of network and/or network addressable connection e.g.,using a web browser).

While embodiments of the present disclosure has been described in detailwith reference to exemplary embodiments, those skilled in the art willappreciate that various modifications and substitutions can be madethereto without departing from the spirit and scope of the disclosure asset forth in the appended claims.

What is claimed is:
 1. A method for compiling a matrix-product programinto an obfuscated-matrix-product program, the method comprising:receiving a plurality of matrices that form the matrix-product program;randomly generating a set of independent and invertible tensor-productmatrices; randomly generating a set of independent and invertiblelinear-transform matrices; and generating a dynamic-fence-generationgadget by processing at least one of the plurality of matrices, the setof tensor-product matrices and the set of linear-transform matrices,wherein the dynamic-fence-generation gadget is an obfuscated version ofcomputer program represented by the plurality of matrices.
 2. The methodof claim 1, wherein each of the tensor-product matrices are over afinite field.
 3. The method of claim 1, wherein each of thetensor-product matrices are over integers modulo a prime number.
 4. Themethod of claim 1, wherein the dynamic-fence-generation gadget comprisesa plurality of step-gadgets wherein each of the plurality of matrices isassociated with one of the plurality of step-gadgets.
 5. The method ofclaim 4, wherein processing the at least one of the plurality ofmatrices comprises a plurality of processing sub-steps wherein eachsub-step processes one of the plurality of matrices to produce saidstep-gadget.
 6. The method of claim 5, wherein the step-gadget is aquadratic function of its input and embedded within the quadraticfunction is the one of the plurality of matrices.
 7. The method of claim6, wherein the step gadget is a matrix S_(i,b) defined asS_(i,b)=mat{F_(i,b,j) ⁻¹×T_(i,b,x)×F_(i,b,m+1)×(F_(i,b,1)⁻¹×T_(i,b,x)×F_(i,b,m+1))^(T)×vec C_(i,b)}, wherein i=1 to n, m<n, b=0or 1, S_(i,b) is a t×t matrix, t≥2, C is one of the plurality ofmatrices that form the matrix-product program, F is one of the set oflinear-transform matrices,T_(i,b,x)=Π_(j=1,m)F_(i,b,j)×(G_(i,j,z)⊗H_(i,j,z))×F_(i,b,j+1) ⁻¹ is at²×t² matrix, G_(i,j,z)⊗H_(i,j,z) is one of the set of tensor-productmatrices, and z=x[j] wherein x is an input bit string of length m,wherein x[j]=0 or 1 for j=1 to m.
 8. The method of claim 7, furthercomprising: computing a plurality of matrices T_(i,b,x) for differentinputs x and a matrix S_(i,b) for each of the plurality of matricesT_(i,b,x); generating a matrix M from a sub-sequence ofMon²(vec(T_(i,b,x))) for each of the plurality of matrices T_(i,b,x);generating a matrix N by vectorizing each matrix S_(i,b) and forming amatrix from the vectors vec(S_(i,b)); and generating an obfuscatedprogram OP=mat{V*Mon²(vec(X))_(top)}, wherein V=N*M⁻¹ andMon²(vec(X))_(top) is a top sub-sequence of Mon²(vec(X))), wherein X isa new variable and OP is an obfuscation of a program represented by X.9. The method of claim 4, wherein generating a dynamic-fence-generationgadget further comprises combining the set of linear-transform matricesand the set of tensor-product matrices.
 10. The method of claim 9,wherein combining comprises: selecting one of the set of tensor-productmatrices and one of the set of linear-transform matrices; and applyingthe selected linear-transform matrix to a vectorization of the selectedtensor-product matrix.
 11. A method for executing an obfuscated-matrixproduct program on an input bit string, the method comprising the stepsof: receiving an input bit-siring; selecting a subset of a set ofmatrices of a matrix-product program using at least one bit of the inputbit-string; processing the subset of matrices into a set ofcolumn-matrices; generating a set of degree-two tensors by processing aset of tensor-product matrices and a set of linear transform matrices,wherein each of the set of degree-two tensors corresponds to one of theset of column-matrices; generating a sequence of gadget-outputs byproviding the degree-two tensors to the set of column matrices; andgenerating an output matrix of the said function by post-processing thesequence of gadget-outputs.
 12. The method of claim 11, wherein the stepof processing at set of tensor-product matrices and a set of lineartransform matrices comprises: calculating a set of matrices T_(i,b,x)for i=1 to n, b=x[i]=0 or 1, x is the input bit-string, defined asT_(i,b,x)=Π_(j=1,m)F_(i,b,j)×(G_(i,j,z)⊗H_(i,j,z))×F_(i,b,j+1) ⁻¹ is at²×t² matrix, t≥2, wherein F is one of the set of linear-transformmatrices, G_(i,j,z)⊗H_(i,j,z) is one of the set of tensor-productmatrices, and z=x[j].
 13. The method of claim 12, wherein the sequenceof gadget-outputs is a sequence of t×t matrices S_(i,b)=mat{F_(i,b,1)⁻¹T_(i,b,x)×F_(i,b,m+1)×(F_(i,b,12) ⁻¹×T_(i,b,x)×F_(i,b,m+1))^(T)×vecC_(i,b)}, wherein vec C_(i,b) is one of the set of column-matrices, andC_(i,b) is one of the subset of matrices of a matrix-product program.14. The method of claim 13, wherein post-processing the sequence ofgadget-outputs comprises generating the output matrix by multiplying thesequence of matrices S_(i,b).
 15. The method of claim 14, whereinpost-processing the sequence of gadget-outputs comprises outputting TRUEif and only if an output matrix W=Π_(i=1,n)S_(i,b) is not an identitymatrix.
 16. The method of claim 15, further comprising outputting falsewhen W is equal to an identity matrix.
 17. A computer program productfor compiling a matrix-product program into an obfuscated-matrix-productprogram comprising a non-transitory program storage device readable by acomputer, tangibly embodying a program of instructions executed by thecomputer to cause the computer to perform a method comprising the stepsof: receiving a plurality of matrices that form the matrix-productprogram; randomly generating a set of independent and invertibletensor-product matrices; randomly generating a set of independent andinvertible linear-transform matrices; and generating adynamic-fence-generation gadget by processing at least one of theplurality of matrices, the set of tensor-product matrices and the set oflinear-transform matrices, wherein the dynamic-fence-generation gadgetis an obfuscated version of computer program represented by theplurality of matrices.
 18. The computer program product of claim 17,wherein the dynamic-fence-generation gadget comprises a plurality ofstep-gadgets, wherein each of the plurality of matrices is associatedwith one of the plurality of step-gadgets, wherein processing the atleast one of the plurality of matrices comprises a plurality ofprocessing sub-steps wherein each sub-step processes one of theplurality of matrices to produce said step-gadget, wherein thestep-gadget is a quadratic function of its input and embedded within thequadratic function is the one of the plurality of matrices.
 19. Thecomputer program product of claim 18, wherein the step gadget is amatrix S_(i,b) defined as S_(i,b)=mat{F_(i,b,1)⁻¹×T_(i,b,x)×F_(i,b,m+1)×(F_(i,b,1) ^(−1×T)_(i,b,x)×F_(i,b,m+1))^(T)×vec C_(i,b)}, wherein i−1 to n, m<n, b=0 or 1,S_(i,b) is a t×t matrix, t≥2, C is one of the plurality of matrices thatform the matrix-product program, F is one of the set of linear-transformmatrices, T_(i,b,x)=Π_(j=1,m)F_(i,b,j)×(G_(i,j,z)⊗H_(i,j,z))×F_(i,b,j+1)⁻¹ is a t²×t² matrix, G_(i,j,z)⊗H_(i,j,z) is one of the set oftensor-product matrices, and z=x[j] wherein x is an input bit string oflength m, wherein x[j]=0 or 1 for j=1 to m.
 20. The computer programproduct of claim 19, wherein the method further comprises: computing aplurality of matrices T_(i,b,x) for different inputs x and a matrixS_(i,b) for each of the plurality of matrices T_(i,b,x); generating amatrix M from a sub-sequence of Mon²(vec(T_(i,b,x))) for each of theplurality of matrices T_(i,b,x); generating a matrix N by vectorizingeach matrix S_(i,b) and forming a matrix from the vectors vec(S_(i,b));and generating an obfuscated program OP=mat{V*Mon²(vec(X))_(top)},wherein V=N*M⁻¹ and Mon²(vec(X))_(top) is a top sub-sequence ofMon²(vec(X))), wherein X is a new variable and OP is an obfuscation of aprogram represented by X.